General

  • Target

    a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f

  • Size

    2.1MB

  • Sample

    240415-nkngjsdb95

  • MD5

    7a66daa76833055d3406a90cc1237eea

  • SHA1

    d25f637a1afc130e119e8d0382d772ec509ae419

  • SHA256

    a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f

  • SHA512

    64b60c67e9c4c8a6fd0f8bde8022bc5d9aefebee689bd51efee9d477a23581b017ed00af4e8a8945581cddf6dacfd5fa2247ddf5a8c74d374accc5e8c6280bdf

  • SSDEEP

    49152:+SUl6vD5DxN6HHLJ9tMVaYsJ5d9FxJbHnuPEebr1yr6Dj6QF4t:+SSwD5DxketsJ9JzuBbr1yr6CQF

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f

    • Size

      2.1MB

    • MD5

      7a66daa76833055d3406a90cc1237eea

    • SHA1

      d25f637a1afc130e119e8d0382d772ec509ae419

    • SHA256

      a52d3e061d94574b06d1dd80d10b0da00bfec0da72148f82ed7c7e7c01972a9f

    • SHA512

      64b60c67e9c4c8a6fd0f8bde8022bc5d9aefebee689bd51efee9d477a23581b017ed00af4e8a8945581cddf6dacfd5fa2247ddf5a8c74d374accc5e8c6280bdf

    • SSDEEP

      49152:+SUl6vD5DxN6HHLJ9tMVaYsJ5d9FxJbHnuPEebr1yr6Dj6QF4t:+SSwD5DxketsJ9JzuBbr1yr6CQF

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks